This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-09-20 06:52:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
dc8c08c7-1e7c-11db-88cf-000c6ec775d9 | apache -- mod_rewrite buffer overflow vulnerability The Apache Software Foundation and The Apache HTTP Server Project reports:
Discovery 2006-07-27 Entry 2006-07-28 Modified 2006-11-01 apache >= 1.3.28 lt 1.3.36_1 >= 2.0.46 lt 2.0.58_2 >= 2.2.0 lt 2.2.2_1 apache+mod_perl >= 1.3.28 lt 1.3.36_1 apache+ipv6 >= 1.3.28 lt 1.3.37 apache_fp >= 0 ru-apache >= 1.3.28 lt 1.3.37+30.23 ru-apache+mod_ssl >= 1.3.28 lt 1.3.34.1.57_2 apache+ssl >= 1.3.28 lt 1.3.34.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 >= 1.3.28 lt 1.3.36+2.8.27_1 395412 CVE-2006-3747 http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=115409818602955 |
6e6a6b8a-2fde-11d9-b3a2-0050fc56d258 | apache mod_include buffer overflow vulnerability There is a buffer overflow in a function used by mod_include that may enable a local user to gain privileges of a httpd child. Only users that are able to create SSI documents can take advantage of that vulnerability. Discovery 2004-10-22 Entry 2004-11-06 apache < 1.3.33 apache+mod_ssl < 1.3.32+2.8.21_1 apache+mod_ssl+ipv6 < 1.3.32+2.8.21_1 apache+mod_perl <= 1.3.31 apache+ipv6 < 1.3.33 apache+ssl <= 1.3.29.1.55 ru-apache < 1.3.33+30.21 ru-apache+mod_ssl < 1.3.33+30.21+2.8.22 CVE-2004-0940 http://www.securitylab.ru/48807.html |
651996e0-fe07-11d9-8329-000e0c2e438a | apache -- http request smuggling A Watchfire whitepaper reports an vulnerability in the Apache webserver. The vulnerability can be exploited by malicious people causing cross site scripting, web cache poisoining, session hijacking and most importantly the ability to bypass web application firewall protection. Exploiting this vulnerability requires multiple carefully crafted HTTP requests, taking advantage of an caching server, proxy server, web application firewall etc. This only affects installations where Apache is used as HTTP proxy in combination with the following web servers:
Discovery 2005-07-25 Entry 2005-07-26 Modified 2009-01-23 apache < 1.3.33_2 > 2.* lt 2.0.54_1 > 2.1.0 lt 2.1.6_1 apache+ssl < 1.3.33.1.55_1 apache+mod_perl < 1.3.33_3 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.33+2.8.22_1 apache_fp > 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25 14106 CVE-2005-2088 http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf |
4238151d-207a-11d9-bfe2-0090962cff2a | mod_ssl -- SSLCipherSuite bypass It is possible for clients to use any cipher suite configured by the virtual host, whether or not a certain cipher suite is selected for a specific directory. This might result in clients using a weaker encryption than originally configured. Discovery 2004-10-01 Entry 2004-10-23 ru-apache+mod_ssl <= 1.3.31+30.20+2.8.18 apache+mod_ssl < 1.3.31+2.8.20 apache+mod_ssl+ipv6 <= 1.3.31+2.8.18_4 apache2 <= 2.0.52_1 CVE-2004-0885 http://marc.theaimsgroup.com/?l=apache-modssl&m=109724918128044 http://issues.apache.org/bugzilla/show_bug.cgi?id=31505 |
9fff8dc8-7aa7-11da-bf72-00123f589060 | apache -- mod_imap cross-site scripting flaw The Apache HTTP Server Project reports:
Discovery 2005-11-01 Entry 2006-01-01 Modified 2009-01-23 apache >= 1.3 lt 1.3.34_3 >= 2.0.35 lt 2.0.55_2 >= 2.1 lt 2.1.9_3 >= 2.2 lt 2.2.0_3 apache+mod_perl < 1.3.34_1 apache_fp >= 0 apache+ipv6 < 1.3.37 ru-apache < 1.3.34+30.22_1 ru-apache+mod_ssl < 1.3.34+30.22+2.8.25_1 apache+ssl >= 1.3.0 lt 1.3.33.1.55_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.34+2.8.25_1 CVE-2005-3352 15834 http://www.apacheweek.com/features/security-13 http://www.apacheweek.com/features/security-20 |
cae01d7b-110d-11df-955a-00219b0fc4d8 | apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long) Apache ChangeLog reports:
Discovery 2009-06-30 Entry 2010-02-03 Modified 2010-02-03 apache < 1.3.42 apache+mod_perl < 1.3.42 apache+ipv6 < 1.3.42 apache_fp >= 0 ru-apache < 1.3.42+30.23 ru-apache+mod_ssl < 1.3.42 apache+ssl < 1.3.42.1.57_2 apache+mod_ssl apache+mod_ssl+ipv6 apache+mod_ssl+mod_accel apache+mod_ssl+mod_accel+ipv6 apache+mod_ssl+mod_accel+mod_deflate apache+mod_ssl+mod_accel+mod_deflate+ipv6 apache+mod_ssl+mod_deflate apache+mod_ssl+mod_deflate+ipv6 apache+mod_ssl+mod_snmp apache+mod_ssl+mod_snmp+mod_accel apache+mod_ssl+mod_snmp+mod_accel+ipv6 apache+mod_ssl+mod_snmp+mod_deflate apache+mod_ssl+mod_snmp+mod_deflate+ipv6 apache+mod_ssl+mod_snmp+mod_accel+mod_deflate+ipv6 < 1.3.41+2.8.27_2 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0010 http://www.security-database.com/detail.php?alert=CVE-2010-0010 http://security-tracker.debian.org/tracker/CVE-2010-0010 http://www.vupen.com/english/Reference-CVE-2010-0010.php |
d8c901ff-0f0f-11e1-902b-20cf30e32f6d | Apache 1.3 -- mod_proxy reverse proxy exposure Apache HTTP server project reports:
Discovery 2011-10-05 Entry 2011-11-14 apache < 1.3.43 apache+ssl < 1.3.43.1.59_2 apache+ipv6 < 1.3.43 apache+mod_perl < 1.3.43 apache+mod_ssl < 1.3.41+2.8.31_4 apache+mod_ssl+ipv6 < 1.3.41+2.8.31_4 ru-apache-1.3 < 1.3.43+30.23_1 ru-apache+mod_ssl < 1.3.43+30.23_1 CVE-2011-3368 http://httpd.apache.org/security/vulnerabilities_13.html http://seclists.org/fulldisclosure/2011/Oct/232 |
18974c8a-1fbd-11d9-814e-0001020eed82 | apache13-modssl -- format string vulnerability in proxy support A OpenPKG Security Advisory reports:
Discovery 2004-07-16 Entry 2004-10-17 apache+mod_ssl < 1.3.31+2.8.19 apache+mod_ssl+ipv6 < 1.3.31+2.8.19 ru-apache+mod_ssl < 1.3.31+30.20+2.8.19 10736 303448 CVE-2004-0700 http://www.openpkg.org/security/OpenPKG-SA-2004.032-apache.html http://packetstormsecurity.org/0407-advisories/modsslFormat.txt http://marc.theaimsgroup.com/?l=apache-modssl&m=109001100906749 |